const express = require('express');
const { body, query } = require('express-validator');
const userController = require('../controllers/userController');
const { authenticate, authorize } = require('../middleware/auth');
const { validate } = require('../middleware/validation');

const router = express.Router();

// 管理员路由
router.get(
    '/admin/users',
    authenticate,
    authorize('admin'),
    userController.getUsers
);

router.get(
    '/admin/users/:id',
    authenticate,
    authorize('admin'),
    userController.getUserById
);

router.put(
    '/admin/users/:id/status',
    authenticate,
    authorize('admin'),
    [
        body('isActive')
            .optional()
            .isBoolean()
            .withMessage('isActive 必须为布尔值'),
        body('role')
            .optional()
            .isIn(['customer', 'admin'])
            .withMessage('role 必须为 customer 或 admin')
    ],
    validate,
    userController.updateUserStatus
);

router.delete(
    '/admin/users/:id',
    authenticate,
    authorize('admin'),
    userController.deleteUser
);

module.exports = router;